General
Target: aa81950bda657f43ecc174b1b0d1a10f3739fced1ab6c113dcf2a881cc55b027
Size: 219KB
Sample: 221123-zjkvtaga8y
MD5: b288ff4537ba7155f61ea09050be6635
SHA1: 29cae56b763a32c257c98a751942b23d5a775e2d
SHA256: aa81950bda657f43ecc174b1b0d1a10f3739fced1ab6c113dcf2a881cc55b027
SHA512: bb64f791b4c9570913a10da82589aec105e65b8020ff29f1a6cd605982fbe7d37332d4818fca2f293df94bb42cb9a5907c54f002d397060c6965f70f4b26892e
SSDEEP: 3072:m538xVrxLIQ/j69ZAmqVFtVNhGKxZRGOFhhnbz/OWjuiQQhU0:mV8xLIQ/j6TIZNhGWaOF33OWSk
Static task: static1
Behavioral task: behavioral1
Sample: aa81950bda657f43ecc174b1b0d1a10f3739fced1ab6c113dcf2a881cc55b027.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: aa81950bda657f43ecc174b1b0d1a10f3739fced1ab6c113dcf2a881cc55b027.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
njrat
0.7d
Hacked
kissme1988.no-ip.biz:5552
dc57475995c921da5a2603cdc0101794
reg_key: dc57475995c921da5a2603cdc0101794
splitter: |'|'|
Targets
Score: 10/10
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Adds Run key to start application